Web application hacking and penetration testing v3.1

WAPTP v3.1 is highly practical and hands-on training for Web application penetration testing that covers the OWASP top 10 vulnerabilities to attack and secure.

Combining the most advanced techniques used by offensive hackers to exploit and secure.

[+] Course at a glance

Starting with various terminologies of web technologies such as, HTTP cookies, CORS, Same-origin-policy etc and ends with multiple resources

Once you get sufficient insights of web technologies, the second module covers the, Mapping of application for insecurities, with various tools and tricks with heavy usage of most advanced intercepting proxy "Burp Suite"

Every lesson starts with Finding and hunting for vulnerability by taking the points how developers make and secure the web application at the time of development, once we have the clear path of working of development phase to security, then we hunt for application business logics to attack. This is where most penetration testers failed in their own game.

"If i need to chop down a tree in six hours, i will use four hours to sharpen my axe and rest 2 hours to cut the tree"

The same strategy has been covered in this course. we start with getting around of web applications by making analysis of application and watching the working behavior of the same.

#This course has been adapted from our work experience at gray hat security.

[+] Course materials

Offline access to read PDF slides

8+ Hours of Videos lessons

Self-paced HTML/Flash

Access from PC, TABLETS, SMARTPHONES.

400+ PDF Slides

Basic knowledge

Basics of computer and Internet

What you will learn

Assess Web applications insecurities

Audit OWASP Top 10

Penetrate web applications

Hack web application to assess security vulnerabilities

Perform web security audits

Perform bug hunting

Burp suite advanced

Analysing web apps with Burp suite

Be a Web app hacker!

Be a bug bounty hacker and earn money

Curriculum

Number of Lectures: 64

Total Duration: 07:56:49

Introduction and lab preparation

1 lecture

11:38

Web application simulation lab

11:38

Web application technologies 101

12 lectures

55:15

Web application technologies 101

files

Web application technologies

files

HTTP Protocol Basics

10:48

Encoding Schemes

13:07

Same Origin Policy

06:18

HTTP Cookies

10:59

Cross-origin resource sharing

04:53

Web application proxy - Burp suite

09:10

Web application architecture

files

HTTP state management mechanism RFC

files

DNSSEC- RFC_3008

files

Domain names concepts - rfc1034

files

Information gathering - mapping the applications

9 lectures

58:35

Fingerprinting web server

05:25

DNS Analysis - Enumerating subdomains

03:53

Metasploit for web application attacks

12:06

Web technologies analysis in real time

02:45

Outdated web application to server takeover

07:35

BruteForcing Web applications

05:57

Shodan HQ

07:11

Harvesting the data

05:02

Finding links of target - Maltego CE

08:41

Cross-Site Scripting Attacks - Xss

13 lectures

01:55:48

Cross Site Scripting- XSS

files

Cross site scripting 101

07:26

Reflected type XSS

13:43

Persistent XSS

11:05

DOM-based XSS

10:09

Website defacement through XSS

09:22

Generating XSS attack payloads

12:46

XSS in PHP, ASP & JS Code review for attacking

13:23

Cookie stealing through XSS

12:23

Advanced XSS phishing attacks

07:37

Advanced XSS with BeEF attacks

09:34

Advanced XSS attacks with Burp suite

08:20

Codes for cookie stealing and xss phishing

files

These are the codes written by the instructor that students can use it to perform XSS phishing and cookie stealing as shown in the lessons or in different style of your own.

Sql Injection Attacks - Exploitations

9 lectures

01:39:43

SQL Injection attacks

files

Introduction to SQL Injection

16:20

Dangers of SQL Injection

04:47

Hunting for SQL Injection vulnerabilities

19:53

In-band SQL Injection attacks

26:32

Blind SQL Injection attack in-action

09:44

Exploiting SQL injection - SQLMap

08:46

Fuzzing for SQL Injection - Burp Intruder

13:41

Drupagedden attacks resources

files

You can use the original link provided in the text file for detailed explanation.

Cross Site Request Forgery - XSRF

4 lectures

38:58

CSRF or XSRF attacks methods

12:21

Anti-CSRF Token methods

15:19

Anti-CSRF token stealing

11:18

CSRF Prevention guide

files

Authentication & Authorization Attacks

4 lectures

25:52

Authentication bypass with hydra

11:02

HTTP Verb Tampering

08:49

HTTP parameter pollution

06:01

Authentication sheet-sheet by OWASP

files

Client Side Security Testing

3 lectures

09:36

Client side control bypass - Work in all applications

09:36

All the tricks shown in this lesson works fully on all the web application to bypass client side restrictions like date change, time change, character limitation etc etc...

Web socket-RFC

files

This paper is crucial that will help in understanding the WEB sockets technologies used in more juicy applications.

Cross window messaging - Resources

files

This is important to read as it gives in-depth information about how windows talks to each other that is more crucial for hacking

File Related Vulnerabilities

4 lectures

33:54

LFI & RFI attacks

12:41

LFI - Local File inclusion, RFI - Remote file inclusion

Unrestricted file upload - content type bypass

06:29

Unrestricted file upload - extension type bypass

05:30

Remote code execution using Shell Uploading

09:14

XML External Entity Attacks - Xxe

3 lectures

27:30

XML Documents & database

13:38

XXE attacks in action

13:52

Out of band XXE - Resource

files

Use the link in the text file for better illustration of images. link is in the bottom of text file.

Simpliv LLC, a platform for learning and teaching online courses. We focus on online learning which helps to learn business concepts, software technology to develop personal and professional goals through video library by recognized industry experts.